How (and why) to trace and report spam

Maybe you’re content just to delete the spam from your inbox, to find a way to filter it out, or to get a new e-mail address with hopes of being able to keep it out of the clutches of the spammers. These are all perfectly acceptable responses to the problem, and will work just fine for most folks.

However, if you’re sick and tired of serial spamming and want to take more proactive measures against it, you will want to learn how to report it: that is, to trace down the internet services responsible for supporting the spam, and then file spam complaints with them. On this page, I’ll describe why reporting is necessary, and then tell you how to do it (or how to use other services to do it for you).

Why report spam?

The reason for reporting spam is to inform internet providers that their resources have been abused to send or support spam. Honest and reputable providers are going to want to know about such abuse, because it may be:

To whom do you report spam?

First of all, I hope that it is obvious to you that you should never attempt to complain directly to the spammers. By and large, such people have no regard for your complaints, and even if you could reach them, they would simply send you more spam (or sell your address to other spammers) for your pains. Certainly, you should not send return mail to the spammers (since it probably won’t get back to them in any case), but you should also take some care when you analyze spam to make sure that your complaints won’t go to them either (we’ll cover how that is done later on).

In fact, the parties you want to contact are the internet service providers (ISPs) whose facilities were used in mailing or otherwise supporting the spam campaign. For a typical spam, these would include the following:

  1. The ISP that operates the IP address from which the mail was originated.
  2. The ISP that operates any open-relay mail host that relayed the spam from the originator to you.
  3. The ISP(s) that provide(s) the web hosting services for any website(s) connected with the spam.

In certain cases, you may also want to direct reports to the following:

  1. The domain registrar that sold a persistent and long-lived spam domain, particularly if the spammer has provided phony contact information for the domain.
  2. The e-mail provider responsible for e-mail addresses that appear as contacts in the spam, if these addresses are actually intended for use in replying to the spam pitch (most e-mail addresses that appear in spam are bogus and not intended for use in replies).

If you receive spam from (or on behalf of) a “reputable” company that ought to know better, you are also entitled to complain directly to that company. Many marketing folks at these firms may not understand the ethics (or lack thereof) of spam, and I suspect this makes them vulnerable to the pitches of spam remailers and “affiliates” who promise gigantic 100% opt-in list coverage. I feel confident that once most of them receive a few hundred complaints about the practice, they’ll distance themselves from it. I suspect that a postal mail letter to the president of the company might have more impact than an e-mail to the customer service department, but it doesn’t hurt to try both.

To whom do you not report spam?

Here are some examples of whom you don’t want to include in your reporting:

  1. Usually, you don’t want to report spam to your own provider, unless of course you find that the spam originated from one of their addresses or otherwise made some use of their resources. Your provider is not really in a position to deal with spam messages that come from outside its domains. On the other hand, you may certainly ask what steps your provider is taking to limit the spam you receive and how you can protect the inbox they’ve provided to you.
  2. In general, you should not report spam to the providers associated with any e-mail addresses you see in the spam. These addresses are almost always made up or stolen by the spammer, and any complaints sent to them will be misdirected and will do no good.
  3. You should guard against sending spam reports to e-mail addresses that appear to belong to the spammer. These would include the contact addresses listed by whois for spam domains or IP address blocks controlled by spammers. Not only won’t the spammer take any action to stop spamming you, he’ll also note that your address actually works, and will sell or rent it to other spammers, or possibly even target you for special harassment. Instead, you should file your report with the “upstream provider” from which the spammer obtained his resources.
  4. Do not report websites that are not directly involved in the spam pitch. For example, some spammers will encrust their messages with numerous URLs (often hidden) that have nothing to do with their spam, in order to encourage spam-complainers to file inappropriate and misdirected reports (see my analysis sample #7 for a rather flagrant example). Other spammers (e.g., stock spammers) will include links to news websites or stock-quote services to beef up their pitches; the operators of these sites certainly did not give their permission to be included in the spam, and can’t be held responsible for such inclusion. They’re victims of the spammer, just like you.
  5. Reporting spam to some offshore providers (particularly in PR China, Korea, and elsewhere in the Eastern Rim) may often be a waste of time; most of these outfits have a very poor track record when it comes to taking action on spam complaints. This doesn’t mean that you shouldn’t file the complaints (particularly if you use an automated service like SpamCop that makes it very easy for you), but don’t feel too badly about leaving them off if you are pressed for time.
  6. One more special case deserves mention: reporting a large, well-financed pseudo-legitimate spam operation to its upstream providers may not get the results you want. For example, many of these upstream providers simply forward the spam complaints to their spamming customers, disingenuously treating them as “removal requests;” they’re thereby helping you to violate my spam rules #3 and #4. Although these ISPs usually have pretty solid published anti-spam policies, these policies are all too often secretly waived for big customers (this practice is known as a “pink contract”).

How do you report spam?

You have two choices: use a third-party reporting service, or learn to do it yourself. In my own case, I started by using SpamCop, but over time I learned enough by watching SpamCop to be able to do this work myself where necessary.

Third-party reporting services

You can use an automated spam reporting service to help you analyze and report your spam. This is a perfect choice for you if you don’t know much about networking (and don’t want to learn). There are a number of these, but the only one with which I personally have enough experience to make a recommendation is SpamCop.

Spam analysis can be rather involved work, and I doubt that I’d do it for many messages if I had to do it all by hand. I also doubt that I’d want to do it if I weren’t technically inclined and interested in unraveling puzzles. For most of my own routine reporting, SpamCop does all the heavy lifting for me, and prepares pro-forma reports for me to file (if I wish) with just a button-click.

If you decide to pay up and use SpamCop as a filtering service for your own mail, you should be aware that it is one of the more comprehensive and aggressive spam filtering services available these days; it tends to be the choice of folks who are very zealous and serious about spam control. Despite this aggressiveness, it also has a very low rate of false positives (at least in my own experience), so you don’t have to worry so much about “honest mail” getting tagged as spam and detained.

Reporting “by hand”

Tracing and reporting spam yourself puts you in full charge of the process; you don't have to depend upon the accuracy or availability of outside services. On the other hand, I won’t pretend that the process doesn’t require some study and practice. It can also take up a fair amount of time (but that time goes down as you get more experienced).

If you'd like to learn to do it yourself, then, here are the steps you generally follow in order to trace and report spam.

  1. Expose the header of the message and find the IP addresses responsible for sending or relaying the spam.
  2. Find the owners of these addresses (or their upstream providers), and locate abuse contact e-mail addresses for these providers.
  3. Expose the body of the message and look for websites or other resources that are involved with the spam pitch.
  4. Find the addresses of these websites, and the owners of these addresses (or their upstream providers), and the appropriate abuse contact e-mail addresses.
  5. Compose an e-mail message containing factual information about the spam, and send it to the abuse contacts you collected.

Rather than go into detail on this page, I’ll direct you elsewhere on the site, where I’ve put together a little tutorial to walk you through this process.
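
As an added illustration (not code from this site or its tutorial), the Python below carries out steps 1 and 3 on a constructed message: it walks the Received lines from the top, reports the first peer address outside your own provider as the source, marks every address below that point as unverified (those lines were written by hosts you cannot vouch for and may be forged), and lists the hosts of URLs in the body. The `trace` function and its `own_networks` parameter are hypothetical names; the code assumes you know your provider's address ranges, handles IPv4 only, and leaves the whois lookups of steps 2 and 4 to you.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Constructed sample: documentation address ranges, made-up host names.
SAMPLE = """\
Received: from mx.myisp.example (mx.myisp.example [192.0.2.10])
    by mailbox.myisp.example with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mail.bank.example (unknown [198.51.100.77])
    by mx.myisp.example with SMTP; Mon, 1 Jan 2024 10:00:01 +0000
Received: from relay.innocent.example ([203.0.113.5])
    by mail.bank.example with SMTP; Mon, 1 Jan 2024 09:59:00 +0000
From: "Deals" <offers@bank.example>
Subject: Act now

Visit http://shop.spamvertised.example/buy?id=1 today!
"""

PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 peer in brackets
URL = re.compile(r"https?://[^\s\"'<>]+")

def trace(raw, own_networks):
    """Return (source_ip, unverified_ips, url_hosts) for one raw message."""
    msg = message_from_string(raw)
    own = [ip_network(n) for n in own_networks]  # assumption: supplied by you
    source, unverified = None, []
    # Each server prepends its Received line, so the top line is the newest.
    for value in msg.get_all("Received", []):
        m = PEER_IP.search(value)
        if m is None:
            continue
        ip = m.group(1)
        if source is not None:
            unverified.append(ip)   # recorded by a host outside your provider
        elif not any(ip_address(ip) in net for net in own):
            source = ip             # first peer outside your provider
    body = msg.get_payload()        # plain-text, non-multipart message assumed
    hosts = sorted({urlsplit(u).hostname for u in URL.findall(body)})
    return source, unverified, hosts

if __name__ == "__main__":
    print(trace(SAMPLE, ["192.0.2.0/24"]))
```

The URL hosts are candidates only; decide which of them are actually part of the pitch before looking up their providers.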

